Protecting Domain Name Assets

By John W. Bagby and John C. Ruhnka

Despite the bursting of the dot-com bubble, Internet business continues to expand at a rapid pace. Traditional “brick and mortar” businesses continue to adopt e-commerce features, and both business and governmental organizations are moving general information, catalogs, inquiries, orders, transaction processing, and payments online. Connecting customers and providers in this complex electronic environment is made possible by the domain name system (DNS). As e-commerce capabilities and revenues become an increasingly important dimension of more organizations, their domain name system assets become an increasingly valuable intangible. Consequently, monitoring and protecting such assurance of continuous name server operation has become increasingly important.

The Domain Name System

Every Internet web server has one or more unique Internet Protocol (IP) addresses, following the format “” The domain name system links these numerical IP addresses to easier-to-remember alphabetical names. These alphabetical IP address forms, known as web domain names, and the domain name system serve two critical functions in e-commerce.

First is a lookup and mapping function. In the massive network of networks that is the Internet, lookup and mapping is conducted by a global name server network that looks up IP addresses on behalf of user requests; it then maps the correct electronic route to the specific server requested. The system also answers inquiries from other name servers. In addition, lookup and mapping are used to route e-mail correctly.

The second key function of the domain name system is to strengthen and extend brand image; domain names that strongly identify a business or organization play a critical role both in attracting e-commerce business and in generating repeat traffic.

The Internet was developed by the U.S. government as a robust data communication network for defense and academic research purposes. By the 1990s, Internet communications transcended simple text files to include audio and visual media, and the Internet expanded beyond university and government researchers to include consumer and business users. Government and law enforcement agencies at all levels also adopted the Internet.

Large user networks developed in many nations, and by the late 1990s, the U.S. government acknowledged the Internet’s commercial and international transformation; they turned control of the domain name system and Internet technical interoperability standards over to an international nonprofit organization formed under U.S. auspices, called the International Corporation for Assigned Names and Numbers (ICANN). ICANN includes a generic names supporting organization, which approves generic Top-Level Domain registries (gTLDs) such as .com, .net, and .org, and an address supporting organization, which regulates address mapping and interoperability standards.

In the domain name, “cpaj” indicates the specific IP address of the organization and the “.com” suffix indicates the gTLD registry in which that IP address is located—in this case, the .com registry. In all non-U.S. countries, Internet addresses must additionally contain a country code suffix, such as .uk for Britain or .fr for France, identifying the specific country registry in which the IP address is located. Each generic and country code TLD registry is headed by an administrator who keeps track of all domain names listed in that registry. For example, the generic TLD registry .org is administered by the Public Interest Registry. Country code registries also have administrators; for example, the DotPH administrator maintains all .ph country code domain names for the Philippines, while in Vietnam, the Vietnam Internet Centre administers the country code .vn registry.

In addition, ICANN has authorized different commercial domain name registrars, such as Network Solutions, Inc. (NSI) or, to sell new domain names in approved generic and country code TLD registries. NSI, now part of VeriSign, has administered the generic domain name registries .com, .net, .org, and .edu in the private sector since 1979, under its former exclusive contract with the National Science Foundation. NSI also nonexclusively sells domain names, and has handled most of the major TLD registries. ICANN has accredited new TLDs, such as .biz, and has approved additional commercial companies as domain name registrars, such as

Global Internet Environment

Internet technology is rapidly spreading throughout the world; eventually, the United States will cease to constitute the largest Internet audience. North America presently has 165 million Internet users and Europe has 140.6 million, while the Pacific Rim has over 100 million users—and a population nearly eight times larger than North America or Europe. The much larger Pacific Rim population, and its increasing Internet use, will eventually produce a larger audience than either Europe or North America.

Countries take three general approaches to Internet operations. Numerous countries take a largely hands-off approach; for example, Israel has few substantive conditions on domain name issuance or Internet usage. On the other hand are nations that seek to impose strong control over domain name issuance in order to regulate Internet content, restrict traffic, tax e-commerce, conduct law enforcement, or protect political or social norms; China is an example of this more restrictive approach. Another example is Vietnam, which prohibits political groups from using the .vn country code registry unless they store all of their related data on servers located in Vietnam itself; foreign online newspapers must use the .vn registry in order to be distributed online in Vietnam. (See The Future of Ideas: The Fate of the Commons in a Connected World, by Lawrence Lessig, 2001.)

Other nations have sought to strengthen their Internet oversight by requiring firms to have a local presence before they are permitted to use that nation’s country code TLD. Both France and Australia have required e-commerce firms to be domesticated in these countries before they can register domain names in their respective directories. This strategy is potentially helpful in imposing national taxes on Internet transactions. Australia, however, recently weakened these requirements, and now permits offshore firms to use domain names registered in the .au country code register to conduct business in Australia, as long as the domain name is also registered as a trademark in Australia.

The United States and most European nations take a middle-ground approach to Internet regulation. Here, the issuance and regulation of domain names is left to ICANN, but a few areas of Internet use are subject to government regulation. For example, the United States regulates fraud and criminal activities on the web (such as promoting child pornography or using the web to engage in securities fraud) and provides legal remedies for domain name infringement. Individual U.S. states may also regulate some aspects of Internet activity, such as gambling, pornography, and defamation.

This approach partly reflects the present technical infeasibility of effectively blocking undesirable Internet content without intruding on First Amendment rights. It also reflects the prevailing laissez-faire attitude that most U.S. and European consumers take against governmental Internet regulation and e-commerce taxation.

Recent Domain Name System Developments

In order to aid increasing worldwide Internet use, ICANN recently approved internationalized domain names, or IDNs. Also referred to as multilingual domain names, IDNs provide linked translation services for users accessing foreign IDN addresses that translate the website into the language requested by the accessing party. Millions of such IDNs have been registered to date, although multilingual Internet use is not yet fully operational, due to delays in implementing the i-Nav plug-in translation software. VeriSign presently offers IDN translation for its .com and .net registries in Arabic, Chinese, English, Greek, Hebrew, Japanese, Korean, and Russian, with more languages expected to follow.

Many nations view ICANN as dominated by U.S. interests, leading to increasing international resistance to ICANN’s control over foreign country code TLD name systems, which theoretically give ICANN control over their domain name user information. The Canadian Internet Registration Authority recently appealed to the International Telecommunication Union, Telecom Standardization Sector, arguing that ccTLD Internet administrators should not submit to control by ICANN or the U.S. government. The Canadian Authority also argues that ICANN should share control over the Internet’s authoritative A-root server, and that each country should have unilateral control over its own country code registries.

At present, many third-world country code TLD registries are run by independent administrators. More than 20 country code TLDs are administered by nonprofit organizations, nine by private for-profit organizations, and five by academic institutions. However, there is a movement toward increasing government control over country code registries, and 10 country code TLD registries’ administrators are now either government agencies or departments with formal links to their national government. In June 2003, ICANN officially signaled its intent to stop pushing for centralized control over Internet regulation outside of the United States by establishing a quasi-independent Country Code Names Supporting Organization (ccNSO) within ICANN that represents the ccTLD national registries.

Increasing Global E-Commerce Complexity

Worldwide e-commerce will become more complex. More nations are likely to mandate that prior registration in their ccTLD is required before transacting online business. In turn, this will mean that U.S. entities will be forced to conduct foreign e-commerce under multiple ccTLD domain name registrations. While technically feasible, this would result in additional expense and complexity; it parallels the present cumbersome and expensive requirement to register U.S. patents and intellectual property in multiple foreign nations.

The Internet is presently robust and relatively immune to technical disruptions. Technical innovations, such as the encryption of credit card transactions, are generally deployed only if they offer both competitive advantages and backward compatibility. Efficient e-commerce depends upon a simple and reliable addressing system, inherent in uniform global treatment of domain names as the sole means for directing Internet communications. If ICANN’s present uniform technical address mapping standards for DNS addresses splinter, various national or regional DNS address standards could add to the complexity through differing treatments of domain name registrations and usage rights.

The United States imposed early uniform Internet technical standards, which preempted other nations from regulatory interference, and most e-commerce advocates believe that the present technical Internet interoperability will survive. Nations or regions that depart significantly from uniform technical standards risk being locked out of much global e-commerce, and this threat could deter nonuniform address standards by national ccTLD administering organizations. (See Ruling the Root: Internet Governance and the Taming of Cyberspace, by Milton L. Mueller, 2002.)

Legal Developments

There is presently no use requirement to register a domain name, and those seeking to use or sell such names in the future have speculatively registered millions of them. Those discovering that a domain name they wish to use is already registered in one or more TLD registries must purchase use rights from the name’s registered owners, unless superior legal rights can be enforced.

Another option when a desired name is already registered is the proposed “Wait Listing Service” (WLS) to be offered by VeriSign, which will allow a registrant who wants to use an existing domain name to purchase a WLS subscription. This automatically registers the desired domain name to the subscriber, should the existing owner not pay the annual registration renewal fees and thus allow the registration to lapse.

Despite current practice, numerous legal exceptions to the “first to register” rule have developed. The most important of these is when a domain name infringes on a registered trademark or trade name. Existing trademarks usually make the best domain names precisely because they incorporate existing consumer brand image recognition and goodwill.

In the United States, trademark infringement standards apply to domain name disputes if a trademark owner claims that its marks are infringed by another person’s domain name. Trademark infringement uses a “likelihood of confusion” test. Would the allegedly infringing mark confuse reasonable consumers about the source of a product, service, or message? In the context of the Internet, the key issue is whether users could be mistakenly directed to an unrelated third party’s location because of a domain name that capitalizes on an existing trademark.

U.S. trademarks are also protected from identical or confusingly similar domain names by the 1999 Anticybersquatting Consumer Protection Act (ACPA), which requires that domain name registrations not interfere with U.S. trademark rights. Congress enacted the ACPA to protect existing trademark owners from bad-faith ransom demands by “cybersquatters,” people who register existing trademarks or trade names, or sound-alike versions, as domain names. Their goal is to either force the trade name owner to ransom the domain name from them, or use the domain name to divert web traffic from the owner. ACPA makes it illegal to register, traffic in (offer for sale), or use a domain name that is “identical or confusingly similar” to existing trademarks.

ACPA protects marks arising under either state common-law rights (based on preexisting unregistered use) or federal trademark registration. Remedies under the ACPA, which require litigation in federal court, include monetary damages to recapture the defendant’s profits from wrongful mark usage, attorneys’ fees, and court-ordered cancellation or forced transfer of improper domain names to the rightful trademark owners.

Litigation against an alleged cybersquatter requires service of process on the registered owner of an allegedly infringing domain name, in order to establish legal jurisdiction; this is often difficult. To remedy this, the ACPA provides an interesting jurisdictional wrinkle. In situations where the trademark owner cannot locate or obtain legal jurisdiction over the domain name owner, the trademark owner can proceed in rem against the allegedly infringing domain name itself. Under the ACPA, in rem domain name actions can be filed in the federal judicial district in which the domain name registrar is located; for example, Virginia’s Northern District, where VeriSign is located. Alternately, the ACPA authorizes an in rem action to be filed in any judicial district where “documents sufficient to establish control and authority regarding disposition of the registration and use of the domain are deposited with the court.” This is accomplished by filing a court-stamped copy of an ACPA in rem complaint with the domain registrar. Thereafter, the registrar must deposit the disputed domain names with the court and freeze their transfer until litigation is completed.

Two recent federal cases involving domain names have narrowed the ACPA’s in rem provisions. In Harrods, Ltd. v. Sixty Internet Domain Names, Harrods’ Argentinean affiliate had registered 60 infringing domain names with VeriSign. All 60 domain names were based on the Harrods name (e.g., The Fourth Circuit Court of Appeals affirmed an in rem lawsuit against the 60 domain names in the Federal District of Northern Virginia, where VeriSign was located. Aggrieved mark owners thus need not bring an ACPA suit in the alleged cybersquatter’s home venue, in this case Argentina. Harrods also ruled that trademark owners may bring suits for domain name infringement under the ACPA, even if the cybersquatter was not acting in bad faith—which brings the ACPA’s standards for infringement in line with conventional trademark practices.

In Mattel, Inc. v., however, the Second Circuit Court in New York ruled that ACPA’s in rem jurisdiction must be limited to the federal judicial district where the domain name registry—not the registrar or name issuer—is located. This case involved several marks of the toy maker Mattel, including Barbie, Matchbox, and Hot Wheels. The 54 allegedly infringing domain names were registered in varying forms; some were misspellings, and several added words to Mattel’s marks. Mattel’s in rem suit in New York was dismissed because all of the 54 disputed domain names were registered in TLD registries located in states other than New York. The court explained that the ACPA’s in rem jurisdiction cannot offend due process or international comity by allowing federal jurisdiction in a venue totally unrelated to the alleged cybersquatter’s location, or to the domain name registry’s physical location (Mattel, Inc. v., 310 F.3d 293; 2d Cir. 2002).

The Uniform Dispute Resolution Procedure

Besides the ACPA, 1999 also saw the beginning of ICANN’s arbitration procedure for resolving trademark-based domain name disputes, called the Uniform Dispute Resolution Procedure (UDRP). All registrars in the .com, .net, .org, .biz., .info, and .name TLDs must provide UDRP arbitration in the case of disputes involving domain names they have issued. With UDRP, arbitration is binding on all registered domain name owners, once someone files a complaint against one of their domain names with the registrar. UDRP is a speedier and much less costly procedure, in which ICANN-approved arbitrators resolve disputes over domain name rights. UDRP will cancel or transfer a challenged domain name in the following circumstances:

  • The domain name was registered or acquired primarily for the purpose of selling, renting, or otherwise transferring the registration to the complainant, who owns the trademark or service mark, or to a competitor of that complainant, for valuable consideration in excess of the documented out-of-pocket costs directly related to the name.
  • The domain name was registered in order to prevent the trademark or service mark owner from reflecting the mark in a corresponding domain name, and the registrant has engaged in a pattern of such conduct.
  • The domain name was registered primarily for the purpose of disrupting a competitor’s business.
  • The domain name was intentionally registered to attract Internet users for commercial gain by creating a likelihood of confusion with the complainant’s mark as to the source, sponsorship, affiliation, or endorsement of the website, or of a product or service on the website.

UDRP is also useful for resolving international domain name disputes, as UDRP arbitration hearings are ex parte (based only on submitted documents), and parties and their witnesses need not be present during arbitration. UDRP’s primary drawback for resolving serious cybersquatting problems is that its remedies are limited to canceling or transferring improper domain names, and do not include economic damages. UDRP findings do not prohibit subsequent court litigation of the same issue, and may be appealed—both of which are a departure from most arbitration practice (see

To date, UDRP has issued decisions in more than 7,309 domain name disputes, involving almost 13,000 domain names. Nearly 70% were decided in favor of trademark owners, although that percentage is now decreasing, probably because the overwhelming success of trademark owners has slowed cybersquatting activities, and because many of the most blatant infringing registrations have already been contested.

Strategies for Protecting Domain Name Assets

Domain name assets are critical to organizational functioning and brand image on the Internet, and a number of different mechanisms are available to protect them. The first is “defensive” domain name registration, where a business or organization registers its trademarks and brand names as domain names, including sound-alike misspellings of such names. This is typically done in the most-used generic TLDs, such as .com, .net, and .org.

Further defensive registrations are theoretically required each time ICANN authorizes additional generic TLD registries, such as .biz, .info, .name, and .aero, or new country-code TLD registries, such as the proposed European Union directory, .eu. The total cost of annual renewal fees to maintain defensive registrations in many different TLDs can be prohibitive.

When it comes to combating potentially infringing domain names, a broad range of remedies is available. Because many cybersquatters never actually use these names, confrontational remedies may be overkill. A very basic first step is to monitor important TLD registries for potential infringing names. When found, the registered owner can be sent a “soft notice.” This is a formal letter to the domain name registrant indicating that the mark owner considers the domain name to infringe his trademarks and business, and that he will take legal action in the event of any use of the name.

Internet watch services can monitor the web for use of potentially infringing domain names, and then notify mark owners when actual use occurs. Trademark-monitoring bots (automated search engines or spiders) can also be used to discover infringing name usage. Actual or continued use can, in turn, be followed by a “hard notice,” a formal cease-and-desist letter that threatens legal action in the event of continued use of the potentially infringing domain name.

Anti-Cybersquatting Remedies

Available anti-cybersquatting remedies consist of at least six recognizable tiers (see the Exhibit). Periodic monitoring and enforcement of Internet domain name assets is a necessity for any business or organization, because failure to prosecute infringing domain name use may be viewed as abandonment of that mark. Thus, a first-tier monitoring strategy is not a complete solution. In the event of continuing name usage, a more confrontational cease-and-desist notice—that formally warns the alleged cybersquatter to cease use immediately or face litigation—must be used circumspectly. In a few instances, a mark owner’s attempts to intimidate alleged public-interest users of its marks to criticize or ridicule the owner have received negative publicity. Litigation to halt criticism or alleged defamation of a business on the web (cybersmearing) has often been effectively defeated on First Amendment grounds.

The fourth-tier remedy, settlement negotiations, in which mark owners offer nominal compensation to passive cybersquatters, can be cost-effective. Such payments should be offered only for nominal amounts, however, and should be lower than the cost of UDRP arbitration to cancel the offending names. The fifth-tier remedy, using UDRP arbitration proceedings to cancel or transfer infringing domain names, is cheaper and faster than federal litigation, but it does not provide for economic damages. Finally, ACPA provides the strongest available deterrent at the highest cost. Litigation should be reserved for major mark confusion or dilution cases where economic damages and attorneys’ fees are recoverable.

Approximately 29 million domain names are currently registered in all generic TLD registries worldwide; however, the increase in registered domain names appears to be slowing. Despite the introduction of new generic and country code TLDs, business and trademark owners appear to be less ready to defensively register every conceivable variation or misspelling, and less ready to register their marks in every available domain to prevent potential infringements. The introduction of low-cost UDRP arbitration in the event of cybersquatting, and its effectiveness even against foreign infringing registrations, has likely contributed to this slowdown. The bottom line is that the increasing alignment between existing trademark rights and rights in domain names is generally good news for businesses moving into e-commerce.

Managing Domain Name System Assets

Today, domain name system assets are increasingly important to virtually every business. Just a few years ago, their potential value often went unrecognized and underappreciated.

As with the responsible stewardship of any asset, tangible or intangible, there are several key steps for managing domain name system assets. Direct responsibility should be placed in specific individuals, preferably teams knowledgeable in the various aspects of brand image management, trademark law, domain name practices, and name server operations and security. Domain names for the major generic and country code TLDs should be included in the advance planning for any new products or services that are expected to become commercial brands.

Auditing DNS Assets

Asset stewardship in today’s economy requires the periodic audit of domain name system assets. This review should include monitoring domain name registrations and Internet activity for possible trademark or use infringements as described above, as well as an assessment of web domain names’ effectiveness in conveying brand image. An effectiveness audit of these assets should identify and assess all brand image components, determine the strength of trademark rights, estimate the rights to control relevant domain names, and consider the policies and commitment of supply chain affiliates in their various relationships (linking, framing, referrals, and search results). A company should also consider how easy it is for customers to find their e-commerce site through major search engines, especially as compared to competitors’ sites.

A final aspect of a DNS audit is ensuring that the name servers that direct users to specific websites, or DNS zones, are operational around the clock. A DNS zone is an exclusive electronic zone under a registered domain name, and an organization may establish one or many zones under its registered DNS name. Having multiple servers in different geographic locations for each important zone increases the assurance of continuous name server operation, provides redundancy in case of technical problems in the Internet, and enables faster responses to website requests or mapping inquiries by foreign name servers. Another technique links name servers to multiple ISP networks, so that an outage in one network does not cut off all web access. Finally, name servers should be protected against denial of service, virus, and other electronic attacks by up-to-date software and hardware security measures, and by adequate monitoring by competent technical support staff.

John W. Bagby, JD, is a professor of business law at Pennsylvania State University.
John C. Ruhnka, JD, LLM, is a professor of management at the University of Colorado at Denver.